You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by David Higginbotham <Da...@irondata.com> on 2010/04/20 21:05:12 UTC
is is possible to override the default security manager in the web filter ?
I'm trying to use the ShiroFilter. I'd like to extend the default
security manager and start up this new security manager in the filter.
Is this possible ?
securityManager = domain.mystuff.MySecurityManager
securityManager.sessionMode = native
As far as I can tell this is being ignored. I always get an instance of
the DefaultSecurityManager.
Thanks,
David
RE: is is possible to override the default security manager in the web filter ?
Posted by David Higginbotham <Da...@irondata.com>.
The only reason I went down this path is when my session timed out I
wanted to redirect the user to the login page. The behavior I currently
get is the session times out and Shiro automatically logs the user back
in anonymously (which is bad for what I'm doing).
I tracked down a method called onInvalidSessionId() which I figured I
could override and use for the redirection. I'd rather not do this but
I'm not sure what my options are.
Thanks,
David
-----Original Message-----
From: les.hazlewood@anjinllc.com [mailto:les.hazlewood@anjinllc.com] On
Behalf Of Les Hazlewood
Sent: Tuesday, April 20, 2010 2:12 PM
To: shiro-dev@incubator.apache.org
Subject: Re: is is possible to override the default security manager in
the web filter ?
Sure, this should work:
[main]
securityManager = com.whatever...MySecurityManager
...
However, it is very odd to subclass the SecurityManager
implementations - they are designed specifically to be global wrappers
around the components that do the heavy lifting. You should be able
to plug in those components rather than subclassing your own SM. Of
course, you can do whatever you want, but that's the general idea ;)
Also, you should be using the
org.apache.shiro.web.servlet.IniShiroFilter now - not the
org.apache.shiro.web.servlet.ShiroFilter. The plain ShiroFilter has
been deprecated and will be removed for the 1.0 release.
Regards,
Les
On Tue, Apr 20, 2010 at 7:05 PM, David Higginbotham
<Da...@irondata.com> wrote:
>
> I'm trying to use the ShiroFilter. I'd like to extend the default
> security manager and start up this new security manager in the filter.
> Is this possible ?
>
> securityManager = domain.mystuff.MySecurityManager
> securityManager.sessionMode = native
>
> As far as I can tell this is being ignored. I always get an instance
of
> the DefaultSecurityManager.
>
> Thanks,
>
> David
>
Re: is is possible to override the default security manager in the
web filter ?
Posted by Les Hazlewood <lh...@apache.org>.
Sure, this should work:
[main]
securityManager = com.whatever...MySecurityManager
...
However, it is very odd to subclass the SecurityManager
implementations - they are designed specifically to be global wrappers
around the components that do the heavy lifting. You should be able
to plug in those components rather than subclassing your own SM. Of
course, you can do whatever you want, but that's the general idea ;)
Also, you should be using the
org.apache.shiro.web.servlet.IniShiroFilter now - not the
org.apache.shiro.web.servlet.ShiroFilter. The plain ShiroFilter has
been deprecated and will be removed for the 1.0 release.
Regards,
Les
On Tue, Apr 20, 2010 at 7:05 PM, David Higginbotham
<Da...@irondata.com> wrote:
>
> I'm trying to use the ShiroFilter. I'd like to extend the default
> security manager and start up this new security manager in the filter.
> Is this possible ?
>
> securityManager = domain.mystuff.MySecurityManager
> securityManager.sessionMode = native
>
> As far as I can tell this is being ignored. I always get an instance of
> the DefaultSecurityManager.
>
> Thanks,
>
> David
>